TimelinePI Data Security

TimelinePI is a SaaS Web application offered by TimelinePI, Inc.
The application is hosted on virtual servers managed by Amazon Web Services.
This environment provides a wide array of security features and complies
with the certifications and standards described at
https://aws.amazon.com/security/, including:

ISO 27001

SOC 1 and SOC 2/SSAE 16/ISAE 3402 (previously SAS 70 Type II)

PCI Level 1

FISMA Moderate

Sarbanes-Oxley (SOX)

Amazon Web Services provides the proper server administration, applies
the necessary patches and updates, and manages firewalls and other system
software such as intrusion detection and virus protection.

Within the TimelinePI application architecture itself, TimelinePI has been
designed to provide the following additional security protections:

Customer data is encrypted at all times: during transmission and at rest.

All source (raw) data to be loaded to the cloud
is first parsed on the client, inside the corporate firewall, so the user can
explicitly control which data elements (fields) are actually loaded into the
TimelinePI analysis software versus having to load the entire raw file to the
server.

Users are encouraged to avoid loading data which is classed as Personally
Identifiable Information (PII), Protected Health Information (PHI) or
Payment Card Information (PCI) in its raw form. If, however, such data is
required for analyses, TimelinePI provides a client-side data preparation
utility for one-way hashing of any sensitive data. Hashing allows the data
to be used logically for analysis but prevents it from ever being converted
back into its original form.

Parsed records from source data are saved into the Postgres Relational
Service administered by AWS, which ensures proper compliance with policies
and updates: https://aws.amazon.com/rds/postgresql/

Users do not have direct access to the database.
Only the application services from the cloud may access it.

Continuous data backup and reserve copying are performed by AWS as a core
service, ensuring that data never leaves the control of the AWS environment.

Any access to the project data requires user
authentication.

The application supports login/password and two-factor authentication.

A strong password policy is always enforced.

A user account is locked after three consecutive failed login attempts.

Project access can be restricted to users from the corporate domain.

The application supports role-based authorization with different levels
of access for each role.

The project owner defines the authentication requirements for a given
project.

The project owner explicitly grants permissions for users to access
projects and defines the role of each user.

All sessions have an expiration timeout.

All user actions are permanently logged into the
administrative database.
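
The client-side field selection and one-way hashing described above, sketched as an added example (not TimelinePI's utility and not code from this page). It assumes CSV input and a keyed HMAC-SHA-256 under a secret that stays inside the corporate firewall, since a bare hash of a small input space such as ID or card numbers can be matched by enumeration; all function names, column names and sample rows are constructed for illustration.

```python
import csv
import hashlib
import hmac
import io

MIN_KEY_BYTES = 32  # assumption: 256-bit secret that never leaves the client side


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed one-way token. Equal inputs give equal tokens, so grouping and
    joins still work, but without the key the values cannot be recovered by
    hashing every candidate and comparing."""
    normalized = value.strip().casefold()
    if not normalized:
        return ""  # keep "missing" distinguishable from a real value
    return hmac.new(key, normalized.encode("utf-8"), hashlib.sha256).hexdigest()


def prepare_upload(raw_csv: str, keep: list, hashed: set, key: bytes) -> list:
    """Keep only the `keep` columns and tokenize those also named in `hashed`."""
    if len(key) < MIN_KEY_BYTES:
        raise ValueError("key shorter than MIN_KEY_BYTES")
    if not hashed <= set(keep):
        raise ValueError("hashed fields must also be listed in keep")
    reader = csv.DictReader(io.StringIO(raw_csv))
    missing = set(keep) - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"columns not in source: {sorted(missing)}")
    return [
        {f: pseudonymize(row[f] or "", key) if f in hashed else row[f] for f in keep}
        for row in reader
    ]


# Constructed sample data (not real records); `notes` is never uploaded.
SAMPLE = """case_id,patient_ssn,activity,timestamp,notes
1,123-45-6789,Admit,2020-01-01T08:00,free text
1,123-45-6789,Discharge,2020-01-02T09:30,free text
2,987-65-4321,Admit,2020-01-03T10:15,
"""

if __name__ == "__main__":
    demo_key = bytes(range(32))  # demo only; use secrets.token_bytes(32) in practice
    fields = ["case_id", "patient_ssn", "activity", "timestamp"]
    for rec in prepare_upload(SAMPLE, fields, {"patient_ssn"}, demo_key):
        print(rec)
```

Anyone holding the key can regenerate tokens for guessed values, so the key needs the same protection as the raw data and should not be uploaded with it.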